A security update has been released to address vulnerabilities found in GitLab products.
The vulnerability addressed is CVE-2026-13320, a cross-site scripting (XSS) vulnerability (a vulnerability that allows malicious scripts to be injected into and executed on a web page) in GitLab CE/EE—a cross-site scripting (XSS) vulnerability (a vulnerability that allows malicious scripts to be injected into and executed on a web page)—and CVE-2026-6896, a cross-site scripting vulnerability affecting GitLab EE.
The Affected Versions are as follows:
CVE-2026-6896: GitLab EE versions 13.11 Through 18.11.7, 19.0 Through 19.0.4, And 19.1 Through 19.1.2.
CVE-2026-13320: GitLab CE and GitLab EE versions 15.7 Through 18.11.7, 19.0 Through 19.0.4, And 19.1 Through 19.1.2.
Patches have been provided via the latest updates, and instructions have been issued to update GitLab CE/EE to versions 18.11.7, 19.0.4, And 19.1.2.
Users of these products must update to the latest versions with Vulnerability Patches following the instructions on the reference site.